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DOCUMENT- IDENTIFIER: US 6859790 Bl 

TITLE: Data distribution system and method thereof, data processing device, data 
control device, and machine -readable recording medium recording distribution data 

Abstract Text (1) : 

A contents provider, stores contents data in a container in a format which can only 
be decoded with a key distributed from an EMD service center, and transmits the 
container to a service provider. The service provider adds pricing information and 
the like and distributes this to a user home network. The user home network pays 
charges to the EMD service center based on the pricing information, receives the 
key, and decodes the contents data. Information regarding the number of times which 
copying is permitted is contained in the secure container, and the nu mber of ti mes 
permitted is increased each time charges are paid, thereby enabling nn rn 

c otJier _ttre"dia and the li ke. It is impossible to make copies from a container simply 
' copiecT, . or in cases Wnere in the number of permitted times of copies has been used 
up. Thus, contents data can be distributed in a format wherein copying of contents 
data can be controlled including the number of copies made. 



Application Filing Date (1) : 
20001018 ' 

B rief Summary Text (7) : 

The copy control bits are bits representing the state whether or not the c ontents 
can be copied, and the. category code are bits representing the path, of from what 
sort of media or what sort of network the contents were previously recorded. 

Brief Summary Text (10) : 

For example, the CCI (Copy Control Information) and CGMS-A/D (Copy Generation 
Management System) being considered by the CPTWG (Copy Protection Technical Working 
Group) which is an operation organization of the copyright -related industry started 
to deal with DVD-ROM copyright protection issues, and the EMI-CCI ( Encryption Mode 
Indicator-CCI) used with the 13 94CP ( Content Protection) which is a copyright 
protection measure for inter-equipment (home electronics) digital interfaces, but 
all of these end up simply changing the names of the SCMS copy control bits and 
continuing to use the same. 

Brief Summary Text (14) : 

Now, rapid digitizing of broadcast networks, communication networks, and home 
electronics has necessitated the advent of high-level technology such as encryption 
technology and electronic watermarking technology, as a system to protect 
copyrights of digital contents . Further, the present state has reached a point 
which SCMS cannot deal with, even as a system to control copying. 

Brief Summary Text (18) : 

For example, in the event that one legally purchases a packaged media and lends it 
to a friend, the f r-li=>ncLi s gaga ble of making as many copies j ts he/she wants to, to 
his/her recording meaTa"! LeTTcTTng-n&Trfe^ u o ^ friends allows each 

of them to make an infinite numbgj^-oX— copies to their recording medi a. Moreover, in 
the evenT~~£Ealr~one legally purcfiases a^pacKagea media ana ccspx es uir t r to 3 
recording medium, and distributes this to a friend, the friend can obtain the 
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contents for free. 



Brief Summary Text (24) : 

Such various types of problems regarding copy control of digital contents - are being 
pointed out from the copyrighting side, and it should be noted that each of these 
problems arise from the fact that the SCSM p ermits ^aninfin^e nu mber of c opies to 
be made in parallel generations*. ^mamm^^^ m 

Brief Summary Text (34) : 

To this end, the data distribution system according to the present invention 
comprises: a data distributing device which adds to desired contents data which is 
the object of distribution use control information containing information of the 
number of permitted times of use, which is the number of times that arbitrary use 
including either one or both of recording and playing the contents data is to be 
permitted and generates distribution data; and a data processing device which, 
based on the information of the number of permitted times of use of the contents 
data of the generated distribution data, detects whether or not the use of the 
contents data is permitted, uses the contents data in the event that use thereof is 
permitted, and updates the use control information so as to decrease the number of 
permitted times of use based on the usage. 

Brief Summary Text (35) : 

Also, the data distribution method according to the present invention: adds to 
desired contents data, in a manner wherein external operation is impossible; use 
control information containing information of the number of permitted times of use, 
which is the number of times that arbitrary use of the contents data including 
either one or both of recording and playing the contents data is to be permitted, 
and generates distribution data; distributes the distribution data to a desired 
distribution destination; detects whether or not the use of the contents data of 
the distribution data is permitted, based on the use control information of the 
distributed distribution data, at the distribution destination; uses the contents 
data in the event that use thereof is permitted as the result of the detection; and 
updates the use control information so as to decrease the number of permitted times 
of use according to the usage. 

Brief Summary Text (36) : 

Also, the data processing device according to the present invention comprises: 
control information extracting means for extracting, from distribution data wherein 
use control information containing information of the number of permitted times of 
arbitrary use of the contents data including either one or both of recording and 
playing the contents data has been added to desired contents data, information of 
the number of permitted times of use from the use control information; use 
permitting means for detecting whether or not use of the content data is permitted, 
based on the extracted information of the number of permitted times of use; use 
control means for controlling the use so as to use the contents data in the event 
that use thereof is permitted as the result of the detection; using means for using 
the contents data based on the control; and control information updating means for 
updating the use control information so as to decrease the number of permitted 
times of use, based on the usage. 

Brief Summary Text (37) : 

Also, the data use control device according to the present invention is provided to 
a device which uses the contents data of distribution data wherein use control 
information containing information of the number of times that arbitrary use of the 
contents data including either one or both of recording and playing the contents 
data is to be permitted, is added to desired contents data to be distributed; the 
data use control device comprising: control information extracting means for 
extracting, from the distributed distribution data, information of the number of 
permitted times of use of the use control information; use permitting means for 
detecting whether or not use of the content data is permitted, based on the 
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extracted information of the number of permitted times of use; use control means 
for controlling use so as to use the contents data in the event that use thereof is 
permitted as the result of the detection; and control information updating means 
for updating the use control information so as to decrease the number of permitted 
times of use, based on the usage, in the event that the contents data is used. 

Detailed Description Text (12) : 

The distribution key is sequentially validated and updated every certain period, 
such as once a month, and the key server 114 generates and stores several months 
worth of distributing keys, and transmits several months worth together to the 
contents provider 2 00, service provider 3 00, and user home networks 4 00. sub. -1 and 
400 .sub. -2 . 



Detailed Description Text (19) : 

The information of whether or not registration can be made indicates whether or not 
tne contents can be used, and for example, in the event that there is a request for 
registration from equipment in the user home networks 4 00. sub. -1 and 400. sub. -2, 
the user registration database is searched, and depending on the recorded contents 
thereof, the equipment is registered or registration thereof is denied. This 
information of whether or not registration can be made is continuously updated, • 
based on information such as whether there have been any unpaid bills or 
unauthorized processing, etc., provided from settlement firms such as banks* and 
credit companies, the service provider 3 00, and so forth. Accordingly, the user 
administrative unit 118 denies registration of equipment having an ID which has 
been recorded to be registration not available, due to unpaid bills for example, 
and subsequently this equipment cannot use contents . 

Detailed Description Text (111) : 

The amount of money required for one copy may be set so as to be an equal price 
however many copies are made, or set to decrease each time the number of copies 
increase, to service the customer. Also, an inverse arrangement may be taken to 
restrict the number of copies made. In any case, this is determined by the contents 
provider 200 or the service provider 300. 

D etailed Description Text (117) : 

With the purchasing method, the user buys the contents with an amount of, money 
equivalent to the contents from the beginning. This is a format close to the way in 
w h^cJ^c_ontents are currently bel rux^sold. However, thgr^J ^jig ^ iiaed 
uncondlTional^ ttwt&j-t anc * an arrangement may be made 

w?Sr^tn~th~e'nrcaori^ number of times of playing, 

maxi mum ^nu mber of copies, etc., may be restricted by being listed in the handling 

Detailed Description Text (133): 

Now, in the event that the user desires to copy two generations to the parallel 
generations (media E/F) , two of the recording tickets held are counted, and the 
contents are copied to the media E and F. At the same time, the user desires to 
copy in the serial generation direction of the media F, so one recording tickets is 
handed over. Consequently, the media F has one copy ticket, and the media C has 
used all of the tickets and has zero. 



Detailed Description Text (137) : 

P^rJggming_c opy rest rj^tion^jji j^is jajraer_can^om^ 

ma1ie~lfroi^^ wli'lull w BreHregiTI maj^ IF" is appropriate that 

-trhe user-fee aiioweH one copy as an already-had right - ; for contents of purchased 
packaged medial . 

Detailed Description Text (167) : 

Then, the value obtained by^^ssing_th_e_curxenj :_. value through^th g —h ^sh f u n rti . o n^f ^ 
once each time the user makes a copy is c^m^areg~wrtn the permitted number of 



http ://westbrs:9000/bin/gate.exe?f=doc&state=ustlan. 11.1 &ESNAME=KWIC&p_Message=&. . . 6/3/05 



Record Display Form 



Page 4 of 11 



generations, confirmation is made regarding whether or not this has exceeded the 
purchased number of tickets, and if not so, the copy action is permitted. 

Detailed Description Text (175) : 

Consequently, the number of permitted generations and the current value of the 
media B, D, D, and E are T(l) , T(2), T(3), and T(4), and the number of recording 
tickets is zero, and in this state contents are copied . 

Detailed Description Text (182) : //- 
Further, in FIG. 23, the contents are copied to the media E by the^recording ticket 
of the media C. 



Detailed Description Text (257) : 
Information regarding what sorts of contents 





Detailed Description Text (236) : 

Also, with the EMD system 1, the media A at the playing sid#^can connect to the EMD 
service center at the same time as purchasing contents anc#purchase a necessary 
number of recording tickets beforehand. Accordingly, an/equivalent amount is 
returned to the copyright holder at this point, and thJFmedia A has the right to 
make as many copies as the number of recording ticket^purchased, so subsequent 
copying can be performed offline, not connected to tme network. That is, perpetual 
communication with the EMD service center 100 is noje necessary, and settlement can 
be made offline. 



c opied to which media is stored 



within the SAM 462, in the 
/playing device 450 and the recorder 



in the storing module 473 which is secret 
equipment such as the communication recordii 
453 with SAMs installed. 

US Reference Patent Number (1) : 
5715403 

CLAIMS: 

1. A data distribution system, comprising: a data distributing device which adds to 
desired contents data which is the^>bject of distribution use control information 
containing information of the numgjlr of permitted times of use, which is the number 
of times that use including eithjpr one or both of recording and playing said 
contents data is to be permitted and generates distribution data; and a data 
processing device which, basedpon the information of the number of permitted times 
of use of said contents dataipr said generated distribution data, detects whether 
or not the use of said contorts data is permitted, uses said contents data in the 
event that use thereof is pJSrmitted, and updates said use control information so as 
to decrease said number of permitted times of use based on said usage; wherein said 
data processing device comJSrises a signal processing device wherein external 
observation and alteration of the signal processing state is impossible, and 
wherein said signal processing device performs detection of whether or not use of 
said contents data is permitted, control of use of said contents data based on said 
detection results, and/ aipdating of said use control information based on said use; 
wherein in the event of recording said contents data, said data processing device 
generates new distribution data by adding to said contents data said use control 
information containing said information of the number of permitted times of use 
that has been newl^f and performs recording with said distribution data as a unit; 
and further comprising an administration device which is connected so as to be 
capable of commurarcation with at least said data processing device, and which 
performs billingmrocessing relating to the use of said contents data, based on 
information relying to use of said contents data sent from said data processing 
device; wherein/said data processing device sends information relating to the use 
of said content^ data to said administration device; wherein said data distributing 
device generates said distribution data by adding to said desired data information 
relating to tffe billing format whereby settlement can be made at said data 
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processing device at the time of using said contents data, as said^use control 
information; wherein said data processing device determines the^^J.ling format for 
use of said contents data, based on said information re lating^^D billing format 
from said use control information of said distribution dataj^^herein said data 
processing device sends information relating to the determined billing format to 
said administration device; and wherein said administration device performs billing 
processing relating to use of said contents data, based^Sn said information 
relating to billing format sent from said data processjjjmg device. 




2. A data distribution system, comprising: a data distributing device which adds to 
desired contents data which is the object of distrarBution use control information 
containing information of the number of permitted^ times of use, which is the number 
of times that use including either one or bothjpf recording and playing said 
contents data is to be permitted; and generates distribution data; and a data 
processing device which, based on the information of the number of permitted times 
of use of said contents data of said generated distribution data, detects whether 
or not the use of said contents data is permitted, uses said contents data in the 
event that use thereof is permitted, andj Eupdates said use control information so as 
to decrease said number of permitted t lines of use based on said usage; wherein said 
data processing device comprises a signal processing device wherein external 
observation and alteration of the signal processing state is impossible, and 
wherein said signal processing devices performs detection of whether or not use of 
said contents data is permitted, control of use of said contents data based on said 
detection results, and updating of^said use control information based on said use; 
wherein in the event of recording^ said contents data, said data processing device 
generates new distribution data^by adding to said contents data said use control 
information containing said information of the number of permitted times of use 
that has been newly set, and performs recording with said distribution data as a 
unit; and wherein said data processing device sends information relating to the 
number of times of use of saa'd contents data to said administration device; and 
wherein said administratioryaevice performs billing processing, based on said 
information relating, to thjr number of times of use of said contents data that is 
sent . 



3. A data distribution system, comprising: a data distributing device which adds to 
desired contents data which is the object of distribution use control information 
containing inf ormationjpf the number of permitted times of use, which is the number 
of times that use incHftiding either one or both of recording and playing said 
contents data is to permitted; and generates distribution data; and a data 



processing device whfcfch, based on the information of the number of permitted times 
of use of said cont.emt s data of said generated distribution data, detects whether 
or not the use of sjaid contents data is permitted, uses said contents data in the 
event that use thejreof is permitted, and u pdates said use control information so as 
to decrease said number of permitted times of use based on said usage wherein said 
data processing dpvice comprises a signal processing device wherein external 
observation and ^Iteration of the signal processing state is impossible, and 
wherein said signal processing device performs detection of whether or not use of 
said contents dSta is permitted, control of use of said contents data based on said 
detection results, and updatin g of sa i d use control information based on said use; 
wherein in thejevent of^Wc^r?ing M s l a?^ ^BIff^nts data, said data processing device 
generates newjfdistribution data by adding to said contents data said use control 
information containing said information of the number of permitted times of use 
that has beeM newly, and performs recording with said distribution data as a unit; 
and further Comprising an administration device which is connected so as to be 
capable of iS>mmunication with at least said data processing device, and which 
performs baling processing relating to the use of said contents data, based on 
information relating to use of said content s data sent from said data processing 
device; wherein said data processing device sends information relating to the use 
of said contents data to said administration device; wherein said data distributing 
device generates said distribution data containing information of number of 
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permittee! t ijne^ ^^use^re^resented by a hash val ue obtained by passing a 
pi^9exe¥ffiF?ieairiixS^^a B rc anumberoft^jjgs^ equal to the 

number of times that use is permitted; and information ' of tke" essential number of 
times of use represented by said predetermined initial value as use control 
information; and wherein said data processing device restricts use of said 
distribution data in the event that the hash value,, indicating the maximum number of 
times of use allowed and the hash value ^ncfi^aTTn^the number of times of essential 
use become the same. 

5. .A data distribution method, which: adds to desired contents data, in a manner ^ 
wherein external operation is impossible, use control information containing 
information of the number of permitted times of use, which is the number of ^rtles 
that use of said contents data including either one or both of recording ajMT 
playing said contents data is to be permitted, and generates distributiojp^lata; 
distributes said distribution data to a desired distribution destination; detects 
whether or not the use of said contents data of said distribution dara is 
permitted, based on said use control information of said distributed distribution 
data, at said distribution destination; uses said contents data^n the event that 
use thereof is permitted as the result of said detection; and ^pdates said use 
control information so as to decrease said number of permi^ed times of use 
according to said usage; wherein detection of whether or i(ot use of said contents 
data is permitted, control of use of said contents data^aased on said detection 
results, and updating of said use control inf ormatioi^oased on said use, are 
performed within a signal processing device regarding which external observation 
and alteration of the signal processing state is impossible; wherein in the event 
that said contents data has been used, said distribution destination sends 
information relating to use of said contents <^rca to a predetermined administration 
device; wherein said administration device pjfrforms billing processing relating to 
use of said contents data, based on said generated information relating to use of 
said contents data; and wherein in the evdnt of using said c ontents data by 
recording, this is performed by using as^ unit; said distribution data containing 
said contents data and said use contro^rinf ormation containing said information of 
the number of permitted times of use Jpat has been newly set; wherein said 
distribution data contains information relating to the billing format for said 
contents data within said use contjpl information; and wherein the billing format 
for use of said contents data is determined at said distribution destination, based 
on said information relating to the billing. format of said use control information 
for said distribution data. 

9. A data distribution method, which: adds to desired contents data, in a manner 
wherein external operation is impossible, use control information containing 
information of the number of permitted times of use, which is the number of times 
that use of said content s data including either one or both of recording and . 
playing said contents data is to be permitted, and generates distribution data; 
distributes said distribution data to a desired distribution destination; detects 
whether or not the use of said contents data of said distribution data is 
permitted, based on said use control information of said distributed distribution 
data, at said distribution destination; uses said contents data in the event that 
use thereof is permitted as the result of said detection; and up dates said use 
control informatioj/ so as to decrease said number of permitted times of use 
according to saidmisage; wherein detection of whether or not use of said contents 
data is permitted^ control of use of said contents data based on said detection 
results, and upyting of said use control information based on said use, are 
performed withi# a signal processing device regarding which external observation 
and alteration^f the signal processing state is impossible; wherein in the event 
that said contents data has been used, said distribution destination sends 
information relating to use of said contents data to a predetermined administration 
device; wherein said administration device performs billing processing relating to 
use of sai d contents data, based on said generated information relating to use of 
said contents data; and wherein in the event of using said contents data by 
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recording, this is performed by using as a^iinit; said distribution data containing 
said contents data and said use control ^information containing said information of 
the number of permitted times of use that has been newly set; wherein said billing 
is not performed for the first recording after distribution of said distribution 
data. ^ 

10. A data distribution method, which: adds to desired contents data, in a manner 
wherein external operation is impossible, use control information containing 
information of the number of permitted times of use, which is the number of times 
that use of said contents data including either one or both of recording and 
playing said contents data is to be . permitted, and generates distribution data; 
distributes said distribution data to a desired distribution destination; detects 
whether or not the use of said contents data of said distribution data is 
permitted, based on said use control information of said distributed distribution 
data, at said distribution destination; uses said contents data in the event that 
use thereof is permitted as the result of said detection; and updates said use 
control information so as to decrease said number of permitted times of use 
according to said usage; wherein detection of whether op not use of said conten ts 
data is permitted, control of use of said contents datj^ based on said detection 
results, and updating of said use control information#^)ased on said use, are 
performed within a signal processing device regarding which external observation* 
and alteration of the signal processing state is impossible; wherein in the event 
that said content s data has been used, said distribution destination sends 
information relating to use of said contents datajfto a predetermined administration 
device; wherein said administration device perfdpns billing processing relating to 
use of said contents data, based on said generated information relating to use of 
said conten ts data; and wherein in the event oW using said contents data by 
recording . thitf is perfoxTned by using as a unWt; said distribution data containing 
said contents data and said use control infoamiation containing said information :;E 
the number of permitted times of use that agrs been newly set; wherein said 
distribution d<>t:a contains information of jShe number of times use has been 
permitted and th^ number of times essentign-ly already used, as said use control 
information., w ith a hash value of a hasljyfunrtion; and wherein detection of whether 
or not use of ,f9ffffBWWPW!fflllff^WffiWB^ and updating of information 

indicating the number of times said diet ributioh data has already been •essentially 
used based on use of said distribution/ dataware performed b y comparing ^lforrnaXj^n^ 
of said number of permitted times ofjf^use with information of *^fflmWr ,B ffr^^imes 
already used, at said distribution ^destination. 

13. A data processing device, comprising: control information extracting means for 
extracting, from distribution dat^a wherein use control information containing 
information of the number of permitted times of use of said contents data including 
either one or both of recordingiand playing said contents data has been added to 
desired cont ents data, inf ormat&on of the number of permitted times of. use from 
said /use control information; iise permitting means for detecting whether or not use 
of said content data is permitted, based on said extracted information of the 
number of permitted times of juse; use control means for controlling said use :sc as 
to use said contents data in#the event that use thereof is permitted as the. result 
of said detection; using meafis for using said contents data based on said control; 
and control information updating means for updating said use control information so 
as to decrease said number ^f permitted times of use, based on said usage; wherein 
said control information eSrracting means, said use permitting means, said use 
control means, and said ccffltrol information up dating means jte configured of a 
signal processing device iB&garding which external observation and alteration of the 
signal processing state B impossible; wherein said use permitting means detects 
whether or not playing or said c ontents data is permitted, based on said extracted 
information of the number of permitted times of use; wherein said use control means 
controls said using means so as to play said contents data in the event that 
playing thereof is permitted as the result of said detection; wherein said using 
means plays said contents data based on said control; and wherain said control 
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information updating means updates said use control information based on said J> 
playing; and further comprising distribution data generating means for addinp^se 
control information containing said information of the number of permitte^^imes of 
use that has been newly set to a predetermined value to said contents ^ra, thereby 
generating new distribution data; wherein said use permitting means ^cects whether 
or not recording of said contents data is permitted, based on said^Ktracted 
information of the number of permitted times of use; wherein sai^^ise control means 
controls said distribution data generating means and said usinc^means so as to 
record said contents data in the event that recording thereof^s permitted as the 
result of said detection; wherein said distribution data geo^ratina mears g?n^r ? xpp 
new distribution data using said contents data which is tj^r object of recording;' 
wherein said using means records new distribution data c^fferated based on said 
control; and wherein said control information updating^eans updates said use 
control information based on said new generation of ^^tribution data and said 
recording . f 

14 . A data processing device according to claim ^p, wherein said distribution data 
contains information of number of permitted timde of use by recording of said 
distribution data; and wherein said use permit^^ng means detects whether or not 
recording of said contents data is permitted^based on said information of the 
number of permitted times of use by recording of said distribution data at the 
recording originating side; and wherein saJcL distribution data generating means; 
sets the number of permitted times of us^Dy said recording of the generated 
distribution data, based on said information of the number of permitted times of 
use by recording of said distribution dpta at said recording originating side; and 
wherein said using means records new distribution data generated; and wherein said 
control information updat i ng means uy ates said use control inf ormaMon based on 
t:he recording o.: ; : said distribution c^Tta, and the number of permitted Limes of .use 
by recording set to .said recorded ystribution data. 

A data processing device according to claim 13, wherein said di'str Lbutr.on df?. H > 
separately comprises inf ormatioiwof number of permitted times of vising said 
vistribut ic:i data as original cyta for recording/ and information of number :of 
permitted times .:f using. by r^ftrding for setting said distribution data as 
distribution dat-:i for recording as original data; and wherein said use permitting - 
means- detects whether or not^ecording of said contents data is permitted, ibated on 
information of the number o^permitted times of use by recording of said. . . 
distribution data as origiMLL data; and wherein said distribution data generating 
means sets the number of twrmitted times of use by recording of the generated . 
•.!i itribution data, based Ma information of number of permitted times of using by 
recording for setting sa^a distribution data as distribution data for recording as 
original data; and wher«.n said using means records said generated new distribution 
data; and wherein saiMCo.ntrol information updating means upda tes said use control 
information bajed on jme recording of said distribution data, :aid che number of 
permitted times of uM by said recording set to said recorded distribution data. 

0. A data processMg device according to claim 13, wherein, in : ;he event of using 
said content s dat«jy recording; said distribution data generating means genera t e. ^ 
'laid distributionMlata containing said use control information containing 
Information whermn the number of permitted times of use of said conte nts data is 
:-;et to a predetermined value smaller than the number of permitted times of use by 
recording of theloriginal distribution data; said using means records said newly 
generated distribution data; and said control information updating mean s updates 
the information of the number of permitted times of use by recording for the 
original distribution data, based on recording of said new distribution data and 
the number of permitted times of use by recording set to said new distribution 
data . 

21. A data processing device according to claim 16, wherein, in the event of newly 
increasing the number of permitted times of use of said distribution data which has 
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already been distributed, said communication means transmits information to said 
administration device for requesting a. desired number of times of use of said 
contents data, and receives a response to said request from said administration 
device; and wherein in the event that said received response is such that permit^/" 
said request, said control information updating means increases the number v^-^r 
permitted times of use of said distribution data which has already been dist^buted 
by the maximum number of times allowed. 

25. A data processing device, comprising: control information extraci^ng means for 
extracting, from. distribution data wherein use control inf ormation^ontaining 
information of the number of permitted times of use of said con t ^ts data including 
either one or both of recording and playing said contents dat^^ias been added to 
desired contents data, information of the number of permittj^r times of use from 
said use control information; use permitting means for debating whether or not use 
of said content data is permitted, based on said extracts! information of the 
number of permitted times of use; use control means fo^cont rolling said use so as 
to use said contents data in the event that use thereof is permitted as the result 
of said detection; using means for using said conyts data based on said control; 
and control information updating means for updat^re? said use control information .sc 
as to decrease said number of .permitted times o^use, based on said usage; wherein 
said control information extracting means, sa^Tuse permitting means, said use 
control means, and said control information j flsdatin g means are configured of a 
signal processing device regarding which eternal observation and alteration of the 
signal processing state is impossible; wherein said use permitting means detects 
whether or not olaying of said contents jKta is permitted, based on said extracted 
information. of the number of permitted Jtimes of use; wherein ?7»id use control mean's 
controls Trii'J. using means so as co pl^y said conten ts data in :-;he event that 
playing /.hereof, is permitted as the ^sult of said detection; wherein said using 
vneans plays said co ntents data basdB on said control; and wherein said control 
;.aforniatlon updating mean s up date^ said use control information >>ased on :;aid 
playi^j; further -comprising jjzi splay me^ns for displaying arbitrary j.nf ormnxxtui 

;:f said ua.e control i.nf ormatiojrof said distributed distribution data, and r . • 
.'i f or ma t i on vr s ed on 3 aid i n^ma t ion . : :. . 

:6. :\ iata use control device provided to a device which uses said contents , -lata of 
distribution data wherein^se control information containing information of >";.b,e- 
Tiu'sroe-?: - . of - times that use/of said contents data including either one or hcrh of 
::ecording and playing jfkid contents data is to be permitted, is added to desired 
c onte nts data to be ^^tributed; said data use control device comprising: control 
... n f * . "rn \ c. }.. t\ extracting mean? :;"or 2xtracting, from said distributed distr.'.t jcion 
.iauc. f inr vr-iirxion M. the number of permitted times of use of said use eo.itrbl 
information; use permitting means for detecting whether or not use of said c ontent 
data is permitte^ based on said extracted information of the number of permitted 
L :.imer. of ■'■ise; control means for controlling use so as to use said co r.tentr? data 

.vi> the fc-vent ^pt use /.hereof is permitted as the result of said detection;, control 
information i ^ pating mean s for updatin g said use control information so ns to 
•decrease xbIW number of permitted times of use, based on said usage 1 , in the e^ent 
:.:hat sai d cytents data is used;, and a signal processing device regarding which 
external o»^rvation and alteration of the signal processing state 'is impossible: 
wherein sa/d use permitting means detects whether or not playing of said conte nts 
■•.iata in permitted, based on said extracted information of the number of permitted 
':imes 01 use; wherein said use control means controls said use sc as to ploy said 
content s data in the event that playing thereof is permitted as the result of said 
detection; ind wherein said jontrol information updating means updates said use 
.ontrol information based on said playing; and further comprising distribution data 
generating moans for adding use control information containing said" information, of 
:he number of permitted times of use that has been newly set to a predetermined' 
value t;v» ..-aid c ontents data, thereby, generating new distribution data; wherein said 
jse* permitting means detects whether or not recording of said contents data is 
permitted, b;ased on said extracted information of the number of permitted times of 
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use; wherein said use control means controls said distribution data qeneratii^r 
means so as to record said contents data in the event that recording thereo^is 
permitted as the result of said detection; wherein said distribution da^^r 
generating means generates said new distribution data using said cony^s data 
which is the object of recording; and wherein said control information updating 
means updates said use control information based on said new generation of 
distribution data and said recording. f 

27. A data use control device according to claim 26, wherein^said distribution data 
contains information, "of the. number of permitted times of uj£. by recording of ^ai..d 
distribution data; and wherein said use perndtting meansyffetects whether or not 
recording of said contents data is permitted, based onyfaid information of the 
number of permitted times of use by recording of sai^^istribution data at the 
recording originating side; and wherein said distribution data generating means 
sets the number of permitted times of use by reco^frng of the generated 
distribution data, based on information of the nWmber of permitted times of use by 
said recording of said distribution data at sai^H recording originating side; and 
wherein said contz-ol information updating meajre updates said use control 
information based on the recording of said distribution data, and the number of 
permitted times of use by recording set toVsaid recorded distribution data. 

28. A data use control device according^© claim 26, wherein said distribution data 
separately comprises information of number of permitted times of using said 
distribution data as original data tmr recording, and information of number of 
permitted times of using by recording for setting said distribution data as 
distribution data for recording aw original data; and wherein said use permitting 
means detects whether or not recording of said content s dsrta is permitted, based on 
information of the number of permitted times of use by recording. of said 

' distribution: data as originalJ^ata; and wherein said distribution data generating 
means -sets the number of pej^pLtted times of use by recording of the generated 
distribution data, based om xnt ormat ion of number of permitted times of -using by 
recording Tor setting sai^r distribution data as distribution data for recording \s 
orUjinkl* dat*; r?nd /herep said, control information updating means updates , said , use 
control information ba«d on the recording of said distribution data, and the 
number of permitted tynes . of use by said recording set to said recorded 
distribution >iata. m 

\3 . A data UBe . c(yrol device according to claim 26, wherein, in the event of usiua 
Xaid con tents da« by recording; said distribution data generating means generates % 
rjaid \ : .'tribut»n ^ata containing said use control information containing. „ 
information wjasreiii the number of permitted times of use of contents data J is ;er. ;o 
a predetermined value smaller than the number of permitted times of use by 
recording ojFthe original distribution data; and 3aid control information u pdating 
raeans u pHaifc *-hf> information of the number of permitted^ times of use by recording 
for the ordinal distribution data, based on recording^f said new distribution 
data and the number of permitted times of use by receding set to said new 
distribution data. 

34. A data use control device according to claim^32, wherein, in the event of newly 
increasing ; he number of permitted times of use^of said distribution data which has 
already beeu distributed, said communication ^sntrol means transmits information to 
:;aid administration device for requesting a^esired number of times of use of "id 
c onte nts data, and receives a response to m&id request from said administration 
device; and wherein in the event that sai^r received response is such that permits 
said request, .*aid control information ujpaating means increases the number of ; 
permitted times r.ifuse of said distribution data which has already been distributed* 
by the max: . urn number of times allowed. 
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TITLE: Copy protection apparatus and method 



Appli catio n Fili ng Date (1) : 
19990902 




Aug 24, 2004. 



Brief Summar y Text (6) : 

Withou t any form of copy_-~u.aiitrol , film^ audio recordings and other digital content 

Sirstrributed on DVD drB-k~~6r~ ^D^RbM, e&n be easily recorded by a DVD-RAM, or other 

digital recorder, onto a digital data storage medium such as a recordable DVD disk, 

•from which they can be further c^ied Humerus JJLme.s^on to other DVD disks, without 
any degradation in the copy qus 

Brief Summary Text (10) : 

A further problem with the/above described protection scheme is that it is 
inflexible, with no way op/providing for a copy generation management system 
•CGM3) , which governs the extent to which copying is* permitted. For example, there 
.'.s no way of providing/for the con tent s of an original data storage medium to be 
copied to a b^ck- up>^edium ( v/hile preventing the production of a further genera tdon 
Jr.°£.ifL?L £rom the//r>ack-up medium. " , . 



tion Text '3 3) : 

5, at t.he player 13, the reading device 14 l reaas "he public 



detaile d J escr 
deferring again to FIG 

key K and /-S^g^ tfub. K •■ '■. (S.sub.d) from the data area 3 and the disk identifier 
■i.sub.p fronhthe identifier area 2 of the disk 1 being played. The CCI verifier lb 
val ^late j^tfhe hash value H(S.sub.p) and uses K to decrypt Sig.sub.-K -1 (S.sub.d) so 

It then compares these two iiash j^alu es-. 



<55-^o^l5t^^.the hash value H (S.sub.d) . It then compares these two , nash y,aluegv ^ If 
S.sub.d and S.si.b.p are identical, because the ^jj^k^ei^ng^layed <X5C^^e^ofiginal 
disk, then the has h values are also identica l, then verification is successful and 
.. signal i s 5; ent~te— Hie-piayDaxSe-dev-iree— ^6— pe rmi 1 1 ing playback . If S . sub . d and 
S.sub.p are not identical, because the disjf^ei-ng— pl"aye"d~i"s a copy of the original 
disk, then their hash value s wil J l_b e diff erent, so that the verification process 
;;ails, which triggers"aT^ignarnf^r^cne playEack device 16 to prevent' playback. Since 
i:he co nten t provider is the only one to have access to the private key 7..sup.^l, it 
..3 the only one that can correctly en c rypt the serial number or other identifier •■£ 
: .he original disk. 



detailed J)escr iption Text (41) : 

For example, the provider may decide that the content of, for example, its DVD- 
audio disk can never be copi ed. .On the other hand, the provider may wish to provide 
.'.ts customers with the ability to make a back-up copy of the original, but not ":o 
•produce further copies . The way in which chese goals can be achieved is explained 
oalow using the following notation: 

detailed Description Text (42) : 

XD is information identifying the conte nt provider. This can include the provider's 
:;ame. the name of the content, its date of production and so on. CCF represents the 
:opy control field, which can take the values Copy-Freely, Never-Copy, Copy-Once 
•aid No-More-Copy, as explained above. A and A* are used as convenient notacion to 
':/roup the provider dependent information ID and CCF together, for example, by 
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concatenation, such that A=ID. vertline .CCF and A' = ID .vert line . CCF ' , where CCF' 
represents a change in the value of the copy control field when recording onto a 
new disk. S . sub . d, S . sub . c and S.sub.p are disk identifiers printed on the read-only- 
part of the disk. They cannot therefore be changed by the consumer. S.sub.d 
represents the disk identifier of the original disk, S.sub.c represents the disk 
identifier of the disk to which the original disk can be^ legi timatel y jgoxd^cL^a nd 
S.sub.p represents the disk identifier of the disk being piayectT'ic wall r>e 
understood that S.sub.p can take the values of S.sub.d and S.sub.c where, 
respectively, the original disk and a legitimate copy of the original disk, are 
being played. K' . sub -A an.3\^.>ffub.A -1 ?r>° key pairs for. the digital signature c.f the 
content provider. K. sub. M. and k.sub.M -1 are key pairs for the digital signature 
required to implement the CGMS scheme, for example to ensure that a copy is only 
made from the original and not from a copy of the original . 

US Reference P atent Numbe r (5) : 
5131 162 

Previous Doc Next Doc Go to Doc# 
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DOCUMENT- IDENTIFIES ■■ US '^0^6 >\t ■ > 
TITLE: Usage dependent ticket to protect copy-protected material 

Applicat ion Filin g Date ( 1 ) : 
19991 203" 

Brief Summary Text (7) : 

The availability of small, inexpensive media for copying copy-protected material 
presents a number of potential problems as the rights of the provider of the copy- 
protected material are balanced with the rights of the purchaser of the copy- 
protected material. Because the medium is small, and intended for highly portable 
.Applications, the likelihood of the medium being lost, damaged, or misplaced is 
high. As such, the purchaser will. Expect to be able to reproduce the content 
material as often as required to replace the lost, damaged, or mis^^atred— cc^^^r- 3 



Contrarily, because the media .is inexpensive, the likelihood of an illicit mass 
reproduction oi: the con tent material is high, ^nd the provider of the material will 
expect to be able J.;d prevent ;;uch an illicit mas s reproduction . . < 



One method tor limitii>j the ability ;:o copy the con tent material is a. "check- 
at/check -in" system. In this, as .la other protection schemes presented. *ier?in, i-.: 
..s assumed chat the copying and playback devices are '"conforming" devices, in that 
:hev conform to :he standards used to protect copy- protected material. When .t : -'cpy 
:jf chr material is made from -a providing device :o a portable medium, the 
conforming providing device prevents additional copies from being made until the 
portable medium containing *:he copy is returned to :he providing device. This 
;:ch'^ ; 'ie ha*> a number of clrawbacks : if the portable copy is lost, damaged*, or 
displaced, it cannot be "returned" to the providing device, and subsequent other 
c2cp^Les cannot be made. Such a potential "one time copy"will not be acceptable .o 
consumers vi; large. Conversely, multiple copi es of the content material can ^e made, 
direjtly i'rom the portable copy , ^f^eTeJ^S^ 

scheme. Similarly, although alternative schemes that allow for R siroultaneous ^ " 



^^-ju^r ^E i^^L^S^^^ m aterial onto portable media mayatleviate the consumer's 



^anc^rn f or "c^^y-iilnirtatioris :*.hese schemes are equally susceptible, to .nass 
reproductions directly from the portable Ynedium. 

■ft Ailed descript ion Text (3) : 
The c ontent provider 100 receives content material, typically Aora a remote site, 
i?»uch as an Internet site, via a receiver 110, although the content provider 100 
:.'oulc be a conventional CP, DVD, or other medium device player that is configured 
:.o provide cop ier, o f the contents of the medium to other recording medium 200 in a 
copy- limited fashion. That is, the receiver 110 represents any device that provides 
v; ^ e consent material 125 chat is recorded no a memory 210 of the recording, medium 
::00, via recorder 120. Although this invention is well suited for a solid-state 

memory 210, o:Ler memory storage techniques, such as the use of magnetic or optical 
d.iskr., *:apes. rods, and the likvmay also be used. 

De tailed Description Text (4) : 

To prevent mass reproductions of the content material 125, che content provider 100 
allocates a portion of a limited total -usage measure to each copy of the con tent 
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material 125 that is recorded to a recording medium 200. When the total-usage 
measure is completely allocated among recording media 2 00, the c ontent provider 100 
does not provide further recordings of the content material 125. When a recording 
medium 2 00 is returned to the c ontent provider 100, the content provider 100 
returns the portion of the total -usage measure that was allocated to the recording 
media 200 to the total-usage measure. That is, when each copy is "returned", the 
content provider de-allocates the portion that was allocated to this returned copy, 
-hereby replenishing the total-usage measure for subsequent allocation. In -his 
manner, the purchaser of the content material is only limited with regard to, the 
number of co-temporal uses of conies of t>« protected content material. 

Detailed Description Text (6) : 

When the "depleted" recording medium 200 is returned to the c ontent p^ovider 100, 
the total -usage measure is replenished by de -allocating the ten re^Brings that had 
been allocated to this recording medium 200. The recording medj^frr 200 can then be 
reallocated a portion of the total -usage measure that is associated with the same 
content material 125 that it had previously received, or Tdira new content material. 
Note that the total -usage measure is associated with eacff^c'py-protected content 
material, and can differ from, and be allocated diffej^itly from, other copy- 
protected content material. Because the playback decree 300 or the recording medium 
200 enforce the; above described usage limit at ion^and because a conforming placer 
300 expects the recording medium 200 to contain^this usage limitation, the illicit 
reproduction of the content material from the^fecording medium 200 will have little 
market value. That is, if the illicit copy>jmcludes the baseline register 230 that 
contains the baseline -usage parameters 14J^ : .;hat correspond to the allocated usage, 

;he illici;.: oopy will have a limited udge duration, alternatively, if it does Jiot 

contain ):he baseline-usage parameter sfL4 5 , it will not be usable on a conforming 
flayer 300. Thus, in iccordance witid^che principles of this invention, by. 

illocatirv.; u usage parameter to eap copy of cont ent material . 125 , the purchaser ; .s 
provided a me-vn^. for creating im^ftipie cop ies of the conten t material 125, yet tno. 
harm caused by .ui illicit ma ssJFeprodui: •: i.i\n of the conte nt material 12 5 is ..imited 
\»y :ui r.rcement of the usajps allocation. Correspondingly, a physical IvTss ' cf the 

.e^oroing medium 200 has ajaraiccep table effect on the purchaser, because only a - 
portion of ':he . allocate^fnle total -usage measure wiH be lost. 

Detail ed Descript ion l^t ( 7 ) : t . . 

V?he above descripti^rillustrates tho principles of this invention, , but as . 
vrese/vted, does not^reclude an illicit mass reproduction. A weak link in the sY r r r . 
description is the^possibility of falsifying the aforementioned baseline-usaae 
parameters. In j^referred emt •. diment of this invention, the baseline-usage 
parameters 145^Tre stored .n the recording medium 2 00 in a verifiable form, usinq a 
security devj^^ 150. Any number of secure techniques can be employed, using 
:echniques common in the art. In a preferred embodiment, the baseline -usage 
■>ar ureters il4r> are either encrypted or digitally signed, or both, using a private 
key 151 -Wat i .r^sociated with a "trusted source" of copy -protected material. The .= 
playbacyaevice 300 of a preferred embodiment includes a corresponding security 
device ifso that authenticates the source of the baseline -usage parameters 145' that 
are rdad from the recording medium 200, using a public key 351 corresponding . o -..i^ 
private key 151 of a public -private key pair that is assigned to the "trusted 
j.oudce" . Alternatively, a two level structure may be employed whereby a first 
umLic vX'V embedded in the playback .ievice 300 is used to authenticate a sejond key 
yom the c ontent provider 100. In this manner, a public key from every possible 
Content provider need not be provided in advance. That is, the public key of :he 
playback is used to authenticate certificates from any content provider. Each 
content provider will apply to the manufaccurer of all playback devices for such 
certificates. By authenticating the source of the baseline-usage parameters 145', 
substituting a counterfeit baseline-usage parameter 145 onto recording medium 200 
that contains an illicit copy of the c onten t material 125 will be ineffeccive. On 
the other hand, a "blind copy" of a recording medium 200 having an authorized usage 
allocation associated with the content material 125 will provide for a usable 
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counterfeit, because the verifiable form of the baseline -usa^eparameters 145 will 

copied as well. However, as noted above, these counte^s^^t c opies will have 
minimal economic value, and thus not be a pref errecltatfrget for an illicit mass 
reproduction, because the copied baseline-usage parameters 145 will place a limited 
life on the c ontents 125 of the memory 210 of recording medium 200. 



Detailed Description Text (9) : 

As an additional security measure, the recording media 200 includes a usage 
indicator 220 that indicates the amount of usage that the recording media 2 00has 
incurred. .Preferably, the. usage indicator ?2n is a counter that can only be 
incremented, and never decremented or reset. This usage indicator will preferably 
contain a random value with respect to other recording media 200, so that its value 
cannot be predetermined. With each usage of the recording medium, the usage 
indicator 220 is incremented. A usage incrementer 370 is illustrated in the 
playback device 300, for ease of understanding, although the usage indicator 220 
may be incremented by each access to-the memory 210 by a player 300, or by each 
insertion into a player 300, or any of a variety of explicit or implicit 
indications of a usage. For example, if the measure of usage is time, the recording 
medium 2^00 or the player 300 may contain a clocking system that increments the 
usage indicator 22 0 periodically. In a preferred embodiment, the content provider 
100 reads -:he usage measure 225 from the usage indicator when the cont ent material 
125 is provided to recording medium 200. The content provider 100 uses this usage 
measure 225 to form thebaseline -usage parameters 145, thereby binding the baseline - 
usage parameters 145 to the particular recording medium 200. For example, the 
baseline-usage parameters 145 may contain this initial usage measure 225, and a 
::inal usage measure that is a sum of the initial usage measure 225 and the portion 
of total-usage that is allocated to this copy of the content material 125, The 
confo.vMVii.ng playback levies 300 reads (and verifies) the baseline- usage parameters 
14T ' crum ;-.he "r *.- wording medium 200, via the baseline de terminator 320, as veil as. 
the current value ^2*5' of :;he usage indicator 220, via the usage de terminator ; 3a0 ; . 
In accordance with this aspect of the invention, the playback device 300 provides a 
renderin g 3ffl of the content material 125* only if the current usage measure ^25' 
.is between che initial and final usage measures contained in the baseline -usage 
parameters 145' By providing an increment-only usage indicator 220, illicit copies 
of the content material 125 cannot be produced on other recording media .100 by. 
.oerely copying the baseline-usage parameters 145 from a recording medium 200 than 
"ontains a valid copy of the content material 125, because each recording medium 
A00 is likely t^ havev or can be designed to have, a statistically -unique usage 
Measure 225. That is, for example, the usage indicator can be a large counter, 
(e.g. 54 bits or more) that is initialized during manufacturing to h random number) 
and ;peans can be provided to prevent this counter from being incremented at an 
excessively fast rate. A purchaser of "blank" recording medium 200 thus 
.manufactured will not be able to use the same baseline-usage parameter 145 for 
Viach, because each medium 200 is. likely to have a substantially different usage ■ 
Measure 225 than each other. 



"retailed Desc ri ption Text (10) : 

Other security techniques, common in the art, may also be applied. Illustrated A.i 
yiG. 1, the playback device 300 includes a ticket extractor 330 and watermark 
extractor 340. Generally, a watermark is a characteristic that is embedded within 
c ou ter/ - . material such that a removal of the watermark cannot be effected without 
destroying or substantially degrading the c ontent material. As presented in 
copending U.S. patent application, if Copy Protection by Ticket Encryption", Ser. No. 
)9/333,6'28, f i 1 ^jLIgi^ ^ -^ ^99 for Michael A. xSpstei n^incorporated by reference 
jrein, a .: i ckl^natcontroI^SS^rrqn^ material can be 

^ociated with the watermark, typically via a onerway_hashinq functio n. Rules are 
provided for determining the validity cf the *M*Ket, base d on^c^ m^S^so n with a m 
ll -iply_ Jiashed, value of the w akexmar^L . If the co^?t!e l nt^ mTteril 

Tin a valid^ticket , the authorization device 
360 prohibits its rendering 361, regardless of the validity of the above described 
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usage measures. In this manner, illicitly obtained content material 125 cannot be 
recorded onto recording media 200 that contain valid usage^measures and parameters. 
To further prevent substitute c ontent material 125 being^rulicitly recorded onto 
media 200 containing valid usage measures and parameters) a preferred embodiment of 
this invention binds the baseline -usage parameters lU^to the content material for 
which the portion of the total -usage measure was aLjlrocated. For example, the 
aforementioned ticket can be included in the bas^^ine -usage parameters 145 that are 
encrypted or digitally signed before loading in^o the baseline-usage register 230 
of the recording medium 200. An attempted counterfeit substitution of the ticket or 
•the content material, or both, will result xgr a rejection by the authorization 
device 360 in conjunction with the securita^device 350. A substituted ticket will 
fail the aforementioned verification tesi^rbased on the public key of the trusted 
provider, whether it matches the counterfeit content material or not, and a 
substituted counterfeit content material will not match a vex'ified ticket that is 
associated with the original content material. ^ 

D etailed Description Text (12): 

At the start of the recording, or potential recording, the current usage measure 
associated with the recording medium is received,^rt 510. Not shown in the flow 
diagram, if this recording medium had received aJprior usage allocation from the 
recording device, this allocation is returned tfpbMe total -usage measure associated* v 
with the previously recorded content material . 52 0 , a portion of the total-usage 
measure associated with the content material omrently being provided is allocated 
;o this recording medium. If, at 525, an alMcation is not available, because a 
number of other copies of thi s content ma^^rial have been made but not yet 
returned, the recording process 530-560^^? bypassed. The baseline-usage parameters 
are ;i*r.er mined, at o30, based on the current usage measure and the allocated '.sage. 
:ihese parameters are bound to the ce ment material, via, for example, the 

aforementioned ticket that is :vsso^pfated with the co ntent material or directly . to 1$; 

" ne content material, and the vaJps and the. binding are secured, at j40. The': , &yA 

:;et:urity : may be an en cryp t ion the parameters, a digital signing: 6±" the 
r oaram::tet^ :>r both, at i is preferably based on a private key of a .public -private' 
v.ey pair that is associated >with the provider of /^his conte nt mat; ■■i^Lw.l . This 
secured set of. pardmeters ire recorded onto ihe recording medium, &t 550. The 
public key vrf. the publicJprivate key pair is publicly known, and particularly -known 

:o the conforming vlayemn that are expected to read this secured information from 
the recording ?nedium.^E 560, the content material is recorded onto the recording 

nediuvh. . The process continues, at 570, wherein the recording device may -issue a 
message err firming -.he completion of the recording process, or may issue a message l 

epcrtln- the lack of a sufficient usage allocation to provide :be (recording ,■ and 
: ;o on. . 

detailed Description Text (13) : 1 ' i 

At the start of the playback, or rendering, process, the baseline-usi- je parameters 
...re read rrom the recording medium, at 610 of FIG. 3 . As a f irst test of 
roithc -:ization, the authenticity of the parameters is verified, at 615. _ As noted 
dbove, in a preferred embodiment, the parameters are encrypte d or signed, or both, 
using a private kev that is associated with a trusted provider of content material. 
':he playback device verifies the authenticity of the parameters by,j decrypting, 
them or by verifying the signature, or both, using the corresponding public key 
: :hat is associated with the trusted provider. Other techniques for verifying L'ne 
authenticity nf secured items are common in the art. If^fhe parameters are not 
verified as authentic, at 615, the remaining process 6^0-650 is bypassed. At o20, 
.;hv5 valid period of usage is determined from the vej&tied parameters, and at. 630, 
the current measure of usage is read from the recoiling medium. If, at 635, the 
current measure of usage is not within the vali^period of usage, the remaining 
process 640-650 is bypassed. At 640, the ticket^and watermark associated with the 
content material are determined. As noted ahoM, the ticket is preferably included 
in the parameters that are verified at 615. ^rhe watermark is typically determined 
by an extraction from the content materia^as it is read, using techniques common 



hi 
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in the art. At 645, the ticket and watermark are compared to verify that the 
content material is authorized to be played; if n!ot, the rendering process at 650 
.is bypassed. At 650 the content material is ren!aered. That is, if the content 
material is an audio recording, audio sounds^eorresponding to the recording are 
produced; if the content material is audiovisual, audio and visual reproductions 
corresponding to the recording are proceed; and so on. Thereafter, the process 
continues, at 560, wherein, for example, a "not authorized "message is rendered in 
response to che failed tests at 6^^ 635, or 645. 

US Ref>r^nce Patent Number (3) : 
57 1540 3 " 4 
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Dec 24, 2002 



DOCUMENT- IDENTIFIER: US 6499105 Bl 
TITLE: Digital data authentication method 



jOjstract Text (1) : 

This invention provides a method for identifying a purchaser who purchased couteut 
from which an illegal copy was produced. A provider system encrypts purchased by 
the purchaser using a public key of a purchaser system and sends the encrypte d 
content to the purchaser system. The purchaser system creates a digital signature 
of the content with the use of a private key of its own and embeds the created : 
digital signature into the received content. When an illegal copy is found, the* 
provider system verifies the digital signature, embedded in the illegal copy .is. a 
digital watermark, to identify the purchaser who purchased the content -from which 
the illegal copy was produced. / 

App l icat ion filing Date (1) : // 
■^0J)0072_1 ff 

Brief 3um^:ry Text {22) : // 

.;.*hi.3 technique embeds the identification of Mhe co ntents purchaser into the 
contents in the form of a digital watermarW When illegally copied : contents vre 
seized, the embedded . information i;3 extracted to identify the person (that is,, Uv* 
urcbaser) wtc, produced the ill egal copy J? 

"iri ef S umirvary Text (23) : g ^ - - 

Xhe basic procedure for embedding purchaser's identification infortnation is as 
follows: (1) The provider ( contents yrovider) assigns a unique humbur to a c onten ts 
•urchaser. (2) The provider embeds tane number of the contents purchaser into the 
:.2?;^'^_ £ _ »- n ; :he form of a digital vptermark. (3) When illegally copied contents are 
.'our* J :~.nd seized, the provider orMn spec t ion division extracts the number: from the 
c ontents to identify the purchaser. (4) The penalty is imposed on the purchaser for 
../.legal copy or for lending thejre ontents to a person who produced the illegal copy. 

.\rief Su mma ry Text (3 8) : m c 
■Sox example, with the illegal copy prevention technique described cibove, a .number 
embedded in the il legal ly ^fopied contents cannot always be used as ,a proof that, the 
.1 legally -copied content s# were purchased by the purchaser corresponding to that 
\umber. That is, because^the number was given by the provider one-sidedly, zhe 
,/urchaser may insist tjdat the number found in the copy if not the one assigned :o 
Mm or her . m t 

A^j-^f S ummar y ':'exc Ml) : ' 
\o ."chirve the abojp objects, a method according, to this invention is ah enued-in^ 
co ntent informatiop processing method for processing information embedded in a 
content using • an Electronic computer, the method comprising the steps of creating 
:ryptogx-iphic information by encryp ting specific data using a private key in 
...ccordance with a public key cipher system used by conten t -handling persons; and 
embedding the created cryptographic information into the content such 'that the 
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cryptographic information cannot be separated from the cont ent without using a 
predetermined rule . 

B rief Summary Text (55) : 

The cryptographic information embedded in the content may be a value dependent on 
the content into which the cryptographic information is to be embedded. For 
example, the value may be a digital signature generated by encr^^n^^ljehaslji 
value of the content . This value makes even clearer the correspondence^betweer^The 
information embedded in the illegal copy and the content-handling person of the 
"or^c^t frr»n> yhirh the iJ legal copy was created. 

Brief Summary Text (56) : 

To achieve the above object, this invention is an embed- in - content information 
processing method for embedding information on k (k is an integer equal to or 
larger than 2) consent-- handling persons using an electronic computer, the method 
comprising the steps of embedding a digital signature into the content such that 
the digital signature Cannot be separated from the content without using a 
predetermined rule, the digital signature being created by encry^^ng an n-bit hash 
value using a private key in accordance with a public key cipher system used b}^^^ 
^irst conten t -handling person, the n-bit hash value being obtained by evaluating 
r.he conten t with a first hash function; and sequentially repeating digital 
signature embedding for a second person to a k-th co ntent. - hand 1 ing person, wherein, 
for an i-th content - handling person (i is an integer between 2 and k) , the co ntent 
into which the digital signatures of the first to an ( i - 1 ) content -handl ing persons 
;-i.rs* embedded is evaluated with a second hash function, wherein a resulting n/2-bit • 
ha sh va jUie is encr ypted v.sing the private key of the i-th conten t - handling person 
^c^5^5rcLte the digital signature of the i-th content -handling person, and wrierei.v- 
one dicjital signature of the. i-uh content -handling person is embedded into ch£ 
eContent in which the digital signatures from the first to .the (i-l)th. persons arj 
already embedded i-uch tnat the digital signature of the i-th content; handl ing 
person c&rviot separated from :he c ontent without using a predetermined ' xivl.-** . 

.fci ef Summary Text (5S) •. c. 
".'■'his invent ipw~ Is also an embed- in -content i'nformacion processing method tor 
embedding information on k (k is an integer equal to or larger than 2), content - 
.'.laniling persons using aii electronic computer, the method comprising the steps ;>f 
.-reatiug a digital signature of a first content -handl ing person by encrypting a 
hash value using a private key in accordance with a public key cipher system „of the 
rirst con t. 5.;'it -handling oerson, the has^^ja^ae being created by evalUaty^^ie 
c og en t v;icn t f irstl^s t h^unct i pp.; seauent^tllv repeating digital signature 
~'r e. aP7. c^^^orTa'^e'^onapersonto -1 ? k-th conten t -handling persons to create the 
digital signatures of the c ontent -handling persons; and embedding the digital 
signature of :b,e k-th content -handling person into the content such- that the . 
digital ii J. ^nature cannot be separated from the content without using : . 
predetermined rule, the. Ugical signature being obtained by performing cha digital 
■-.'ignature creatioxi for the k-th content -handl ing person, wherein, during :he 
dioi'i^l signature creation processing for an i-th content -handling person (i is an 
integer between 2 *nd k) , a value dependent on the digital signature of the d-^th 
cont ent - hand 1 i ng person is e ncrypted using the private key of the i-th c ontent - 
handling person to generate the digital signature of the (i-l)th con tent -handling 
person. A- ' jo r ding to the embed -in -content information processing method, vhen "he 
value determin-d by the value of the digital signature is n bits long, embeddir.j, 
only n-bit iaca into che content enables information for verifying k content- 
handling persons to be embedded into the content. 

B rief ju mmary Te xt (68) : 

For example, ::his invention provides a content distribution system comprising a 
distribution system outputting a conten t to be distributed and a cj)rt_ent receiving 
system receiving the distributed content, wherein the distribution system comprises 
e ncrypting means for encrypting a content to be distributed and wherein the 
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receiving system comprises decrypting means for decrypting a distributed content ; 
signature creating means for creating cryptographic information by encryptin g 
specific data using a private key in accordance with a public key cipher system 
used by a user of the receiving system; and signature embedding means for embedding 
the created cryptographic information into the content such that the cryptographic 
information cannot.be separated from the content without using a predetermined 
rule. 

Brief Summary Text (70) : 

Tbi? invent lor?. 2.1° o provides a content distribution system whe^in the ^rn-v-ntr/ir/i . . 
means of the distribution system encrypts the content using the public key of the 
user of the receiving system and the decrypting means of the receiving system 
decrypts the content encrypted using the private key of the user of the 
distribut ion system. 

Brief Summary Te xt (12) : 

In these content distribution systems, the signature creating means of the 
receiving system may use information containing a decrypted -content -dependent: value 
as the specific data and may use a digital signature which the receiving system' 
user haii for the co ntent as the cryptographic information, the digital signature- 
being generated by e ncrypting the specific data using the private key in accordance 
with the public key cipher system used by the receiving system user. 

Brief Summary Text (73) : 

This invention also provides a data processing system used to attach a sronature' to 
a content. This system comprises digital signature creating means for cawffilating a 
hash value u :y evaluating the content with a hash function and then eneggba^e 
calculated ha&J^^a^ie^vLth a private key of a user of the data processing sySterri in 
rccordan: :e wT^h^ie^^ublic key cipher system used by the user to generate a; digital 
signature; and Jigital watermark creating means for embedding the created /UyiV.-i! 
signature into the c ontent as a digital Wctter.Tiark . ... 

- > a t a i 1 e d De & i .. p l i on Te xt (5) : ' 
"."he firso embodiment explains. .an example of authentication of the relation between 
digital da.?: \ md an individual/organization. More specifically, the. embodiment ? 
otxplains ^:i example of authentication of the relation between a conten t , one type 
of digital data, and a content purchaser, one type of individual/organization, in 
crder to prevent the content from being copied illegally. However, it should be 
noted thai: the individual /organization need not always be a content purchaser. 
Depending upc:i he situation in which this embodiment is used, the first- embodiment 
iiiay be modified such that the individual /organization is a conte nt copyright... . 
holder, a content vendor, a content wholesaler, or some other related person. In 
addition, in ^his embodiment and in the second and third embodiment that will be 
described Later, the co ntent is assumed to be image data. These embodiments tvcy 
.;.lso be modified so t:hat the content may contain other types of data, sxxnki 
data, drawing data, audio data, or -video data, 

r 

Detailed Description Text (10) : 

As shown in .'he figure, the provider system 100 comprises a pro....: Lining module 110 
and a storage module 120. The processing module 110 comprises an input/output 
module 111 which performs input/output operations, a controlling uicdule 1 12 v*n_Lcn 
control*', rhe components of the provider system 100, a signature extracting module 
11? which extracts a digital signature from a content containing the digital 
signature, a signature verifying module 114 which verifies a digital signature, ..in 
encrypting module 115 which encrypts a content, and a sending/receiving . oduie U.6 
which sends or receives data to or from each purchaser system 200. The storage 
module 120 stores contents 121 --.nd verification keys 122. Note that the . 
verification >ey 122 corresponds to the public key explained in Description of 
Related Art. 
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Detailed Descripti o n Text (11) : 

As shown in figure, the purchaser system 200 comprises a processing module 210 and 
a storage module 220. The processing module 210 comprises an input/output module 
211 which performs input/output operations, a controlling module 212 which controls 
the components of the purchaser system 200, a sending/receiving module 213 which 
sends or receives data to or from the provider system 100, a decrypting module 214 
which decrypts an encrypted content; a signature generating module 215 which 
generates a digital signature, a signature embedding module 216 which embeds a 
digital signature into a content, and a key generating module 217 which creates a 
. sirrnature key. (private key) a verification key (public key) . The ^tov^rj? .r'O'lvlr 

220 stores signature key 221 and signature -embedded contents 222. Note that the 
signature key 221 corresponds to the private key explained in Description of 
Related Art. 

Detai led Des cr iption Te xt (19) : 

The controlling module 112 works with the input/output module 111 to accept the 
content to be distributed and stores it in the storage module 120. Then, as shown 
in FIG. 4, the controlling module 112 controls the encrypting module 115 to encr ypt 
the stored content 121 with the use of the verification key 122 stored in the ■ 
storage module 120 (step V01) and sends the encrypted cont ent to the purchaser 
system 200 via the sending/ receiving module 116 (step 402) . * 

Detailed Description Text (20) : 

The purchaser system 200 performs the following operation when it receives the 
enc r ypted content, . . 

Pet ail eg Description Text (21) : 

As. shown in FIG. 5, Uhe controlling module 212 tells the decrypting- module 214 jo 
J.e crypt u?. encrypted content, received by the sending/ receiving module 213.,. -asing ' 
:;he signature - key stored in the storage module 220 (step 501) and toen asks the * 
signature generating module :U5 to generate the digital signature of the decrypted 
j on tent using :he signature key stored in the storage modu le 22 0 (step 502 ) thm r ■ ' - 



etailed Des crip tion T&xt (22) : r . 

:o generate the * digital signature , the signature generating module 515 calculates 
;he 160-bit hash valueflm *he decrypted c ontent using a. predetermined one-way - o ^ 
.^mc^G£ and then encr^ts the resulting 160 -bit ha sh va lue using the signature .':ey 
"^oreSn^i the s t o rc25e" , mb J, d ili'l e 220. 

etaile d De scription Text ;25) : - 
.'hen the illegally - copied con tent in which the digital signature is. embedded is 
.seized, the provider system 100 performs the following to identify the purchaser 
•/ho created the illegal ^opy. 

-r etaile d De scriptioiii Tex t (26) : 

Chat is, as shown in FIG. 6, the controlling module 112 of the provider system 1*0 
; : 'brks with the input /output module 111 to store the illegall y- copied c o nten t in ^he 

storage module 120 and then tells the signature extracting module llt3 to extract 

;^ie- digital signature from the illegally -copied content (step 601) .t Note that the 
storage module 12 0 of the provider system 100 contains the original conten t (with 

;o digital signature embedded) of the illegally -copied content . This allows the . 

•ignature extracting module 113 to find the difference between the -original cont ent . 
: : ,nd the illegally- copied conten t and therefore to extract the digital signature. If 

It is possible, the- digital signature may be extracted according to the rule by 
vhich the digital signature was embedded into the content . 



detail ed Des cription Tex t (27) : 

Next, the controlling module 112 tells the signature verifying module 114 to verify 
the digital signature (step 602) . To do so, the signature verifying module 114 c 
decrypts the extracted digital signature using the verification key 122 of a user 
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3e of the same one-way hash function as that used by the purchaser system 200. 
If the rule used by the purchaser system 2 00 to embed the digital signature into 
the content is known only to the provider and if the digital signature may be 
removed from the content according to that rule, the content from which the digital 
signature is removed may be used instead of the original content. 

Detailed Description Text (32) : 

Decryption =uy?. /.t:' ♦r.?.! ? ? ^n^t-.Tre creation/embedding may ^?lso be carried r,i*~ :i9**.by 
the CPU 301 of the electronic computer shown in FIG. 3, but by a provider-supplied' 
IC card which is protected against modification. In this case, upon receiving an 
encrypted content from the computer, the IC card which is connected to the computer 
returns the content in which digital signature is embedded. 

Detaile d Description T ext { 4 4 ) : 

Assume that the signature key and the verification key of the provider system 100 
have already been generated and that the verification key of the provider system 1 ;^ 
100 has been distributed to each right -holder system. Also assume that each rights- 
holder system 700 encrypts a content or various types of information using the 
verification key of the provider system 100 before sending them to the provider' 
system 100 and that the provider system 100 decrypts received information using the 
signature key of the provider system 100. The encryption configuration and 
decryption configuration of information sent from each right-holder system 700 to* 
the provider system 100 are omitted in FIG. 7, because they are the same as '".hose 
of information sert from the provider system 100 to the right -holder system '? 00 or 
l :c the purchaser system 200. V- 

detailed Description Text {4 6) . 

r :he :'oaV rolling module .'.12 works »ith r.he input/output mcdule 111 V.o accept, a 
Jiscributi'Vi c onte nt , stores it in the storage module .120, asks the encr yp ting 
•Kxiule J.15 to encry pt the stored c ontent 121 using the verification, key !.22, which. 
■ s Hen: from the ..vighc -holder system 700 to which the conte n t is to-, be saw.. <iiid . 
v/hich is stored iii che storage module 120, and sends the encrypted content to th^ 
right - holder system 700 via the sending/receiving module 116. When, the content- 
e ncrypt ed u^ing the verification key. of the provider system 100 is returned from- 
:~he right holder system 700, the provider system 100 decrypts it u'sping the 
/erif ication cey of the provider system 100, encrypts the content us -*i>g the 
verification key of the next right -holder system 7 00 to which the content ..s to be 
.jent , jfi'i >t?n-]s ic to <:he next right -holder system 700. When sending v.he content, 
■.'.n in struct Lcn to use an abbreviated digital signature is sent to ..he right -holders 
system 700 other than the. first one. 

det ailed P er c rip cior/ Text (4 9): 

On the other hand, the right -holder system 700 which receives the en c u yp t e d c on ten t 
from the provider system 100 performs the following. 

Retail ed Description Text (50) : 

:he controlling module 712 tells a decrypting module 714 to decrypt: ^he encrypted 
con t ent received via the sending/receiving module 713 using the signature key 
stored :L*. the storage module 720, and tells a signature generating module 715 j 
generate a digital signature using the signature key of the decrypted content 
stored in the storage module 720. 

detailed Description Text (51) : 

To generate the digital signature, the ^O^^^^gg^^alue of the decrypted con ten t 
Ls 1 "^ e resu ^ t ^ n 9 160 -bit 



an abbreviated digital signature is attached co che 
received content, an 80 -bit hash value is calculated and then encrypted using the 
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signature key stored in the storage module 720 to create a digital signature. 
Detailed Description Text (60) : 

That is, in the third embodiment, the first right holder encr ypts the c on tent sent 
from the provider to generate a digital signature as in the second embodiment. 
However, unlike the second embodiment, the right-holder system 700 of the first 
right holder does not embed the digital signature in the content but returns the 
digital signature to the provider system 100. The provider system 100 receives the 
digital signature of the first right holder and sends it to the right -holder system 
^00 c-"r."r"1 [. richt h^"\de\". Tbe. second right-holder ^yst^ip ^00 pnc^ypt^ !~ Vrv 
hash value of the first right holder ' s digital signature to generate a digital * 
signature. This process is repeated for the subsequent right holders. The right- 
holder system 700 of the second and the subsequent right holders encrypts the hash 
value of the previous right holder's digital signature to generate his own digital 
signature . 

Detailed Description Te xt (63) : 

Digital signature embedding may also be carried out as follows. That .is, the right - 
holder system 700 of the first right holder embeds a digital signature, created by 
encrypt ing_kfee ha_afa M J&aJUue > o f the content, into the content, and sends the co nten t 
To^^ex^igfiPnc^ersystefli 700 via the provider system 100. The right -holder 
systems 700 of the second and the subsequent right holders each extract ihe 
previous right holder's digital signature from the content in which the digital ■ • ; ■ 
signature is embedded, en£r^^^^^he^has^v i a^u j e^^ the extracted digital signature - 
to create the digital h d^na t u reorn?sowi^ana embeds the created digital $ 
•iignature into the oriyinal content received from the provider system 100, 
Alternatively, each of the right-holder systems 700 replaces the pre^i^us Light 
adder's digital signature, embedded in the content, with the digital :fjgnatrire t 
■is ow;i. The right -Holder system 700 then sends the content, in which his digital 
signature- is embedded, v. > .he next right-nolder system 700 via the provider system 
.J.00-. 

;et a t L-v.i D escription Text 1196) ; * 

"hat irt, as : ^hown in FIG. 24, the terminal 1101 first extracts a mark '".407 :rom a 
r 3b page, 240c :o theck Its validity (step 2401) and extracts a hash*. value 2408 
.--mbedded in the extracted mark :M07 as :i digital watermark (step 2402) . The 
terminal 1101 also calaula^^ a^Jaa^h value 2409 of the' Web page data except Lhe j 
part related >~o the mark whose validity is to be checked (step 2403) an.^-nmn^rp^l 
the ca^ula^ d hash value 2^9, wit t^t he hash value 2408 extracted from the mark m 
i step^^u4^^^^^®e9^a^cn^the rer^SSFP^RS^Ji^pTays a message stating that 'he * 
mark was validated on the display unit 11«)2; if they do not match, the terminal 
1101 displays a message stating that the mark was not validated on the display unit 
A102 {step 2405) . 

Detail ed Descri ption Text (212) : 

That is, as shown in FIG. :.9, the terminal 1800a first gets a public key 2910 *>f 
the mark management organization 1121 from the public key DB 1801. Then, the 
terminal 1800a extracts a mark 2908 from a Web page 2907 to check its validity 
".'step 2901) , extracts a digital signature 2909 embedded in the extracted mark 2908 
as a digital watermark (step 2902) , and decrypts the extracted digital signature 
using the public Key 2 910 of the mark management organization 13 21 to get a hash" 
value 2911 (step 2903) . The terminal 1800a also ca lculates a hash V-a ^ u e 2922 of the 
web page data except the part related to the marl^^^^ios^^aTidity^^ *zo oe 
checked (step 2904) , and comparers, t he calculated ha ah vali^qi 2 w^tli^hehash^ 
va lue 2911 g enerated by defryptfn^ the fefWc^ff^s^ifgafe^r? 11 extracted^rom^heflnark 
^9 N i)*8 B ^t§typ^2 905) . If they match, the terminal 1800a displays a message on the 
display unit 1102 stating that the mark was validated; if they do not match, the 
-erminal l?00a displays a message staging that the mark was not validated (step 
::V06) . ' 
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Detaile d Description Text (219) : 

That is, in the sixth embodiment, the consumer terminal extracts the mark co be 
validated from the Web page, and sends the extracted mark and a validity check 
request to the mark management server.. In the seventh and eighth embodiments, the 
consumer terminal sends Web page data containing the mark and the validity check 
request to the mark management server. On the display unit of the consumer terminal 
there, is displayed a successful or an unsuccessful validity check message sent back 
from the mark management server. On the other hand, upon receiving a validity check 
request, the mark management server performs the validity check on the mark in the 
:;arip w ay .is the- consumer term:? r, .? _| . perf -^r m £ in the sixth to eighth embodiments . Tr 
the sixth embodiment, the mark management server extracts information embedded in 
the mark sent with the request. If this information matches the information 
embedded by the mark management server, it sends a successful validity message to 
the consumer terminal; it not, it sends an unsuccessful validity check 
the consumer terminal. In the seventh embodiment ,^th&^mar^4(^^s^^^^^r^Q 
extracts .^he mark from the Web page sent with the^^^que^^^extracts the 
embedded in the mark as the digital watermark, cgJcjjJ^fceVN 

page except the area related to the mark to be y^ljida^cj^l^^ s_ 
jg^fcte ^fag Has_h value extjq gcj^eAj If thisy-^mat ch^^^e^mark~man'agemen 

serversendlT^ to th^ponsumer terminal, and 

not, it sends an unsuccessf ul message to the consums^rTerminal . In the eighth 
embodiment, - the mark management server extractsx^ne mark from the Web page ren_ 
witn ;he request, extracts the digital signature embedded in the extracted mark 
;he digital wa t e rma rk^-and extracts the^rash value by decrypting the digital 
signature wi;:h \\ pumic ReyN&f tfte^^mark management organization. The mark 
management server £§0^0^!^^^^^ the Web page data except the area 

; :elated the •::ark,^to^e~vaT ^Ja this value with the hash -/iiiiue 

■j e ne r h t ■ J i\ y . 1 e c ryp t jrn ^C^ e^oli g i t a 1 si gnafere extrncr&d~fttrT~^^ Lliey 
:^ati:h, the v-iaik rr^nayement server 3ends a successful validity check u-easage the 
:.:.onv i it --tx ■ ;ri i; *- *.: I ; nd •! i , >r. , s h -\6 ? : i unsucces s t u 1 me s s ag e to >he err - ~x \r _ 
\..cirnii'vO. . 
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L2: Entry 1 of 3 File: USPT Jul 8, 2003 



US -PAT -NO: 6591250 
DOCUMENT -IDENTIFIER: US 6591250 Bl 

TITLE: System and method for managing virtual property 
DATE-ISSUED: July 8, 2003 
INVENT OR- INFORM AT ION: 

NAME CITY STATE ZIP CODE COUNTRY 

Johnson; Michael T. Derry NH 

Moromisato; George P. Cambridge MA 

US-CL-CURRENT: 705/51; 380/30, 705/3, 713/176 
ABSTRACT: 

A system and method for maj^q^i q virt ual property is disclosed. In the system, 
virtual items are each represenPeVTS^Wf^WMIWWKiigi tal objects and are managed 
by one or more computer systems functioning as an owner, broker, authe nticator and 
provider. 

43 Claims, 14 Drawing figures 
Exemplary Claim Number: 1 
Number of Drawing Sheets: 14 
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US -PAT -NO 
DOCUMENT - 




File: USPT 



US 6131162 A 



TITLE: Digital data authentication method 




DATE-ISSUED: October 10, 2000 



Oct 10, 2000 



INVENT OR- INFO RMAT ION : 
NAME 

Yoshiura; Hiroshi 
Takaragi; Kazuo 
Sasaki; Ryoichi 
Susaki; Seiichi 
Toyoshima; His as hi 
Saito; Tsukasa 



CITY 

Kawasaki 

Ebina 
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Hachioji 

Tokyo 



STATE 



ZIP CODE 



COUNTRY 

JP 

JP 

JP 

JP 

JP 

JP 



ASSIGNEE-INFORMATION: 
NAME CITY 
Hitachi Ltd. Tokyo 



STATE 



.ZIP CODE 



COUNTRY 
JP 



TYPE CODE 
03 



APPL-NO: 09/ 090419 [PALM] 
DATE FILED: 

PARENT -CASE: 

CROSS REFERENCE TO RELATED APPLICATIONS This application is related to application 
Ser. No. 09/385,638, filed Aug. 27, 1999, entitled "Method of Generating 
Authentication Enabled Electronic Data", by Y. Nagai et al; and application Ser. 
No. 09/371,526, filed Aug. 10, 1999, entitled "Method of Appending Information to 
Image and Method of Extracting Information from Image", by H. Yoshiura et al. 



FOREIGN-APPL-PRIORITY-DATA: 
COUNTRY APPL-NO 
JP 9-148061 
J£ 9-348860 



APPL-DATE 
June 5, 1997 
December 18, 1997 



INT-CL: [07] H04 L 9/32, E0± L 9/28, H0J_ L 9/30 

US-CL-ISSUED: 713/176; 713/170, 713/181, 705/57, 380/28, 380/30 
US-CL-CURRENT: 713/176; 380/28, 380/30, 705/57, 713/170, 713/181 



FIELD- OF -SEARCH : 380/30, 380/28, 380/202, 380/279, 380/283, 705/51-58, 713/150, 
713/155, 713/162, 713/168, 713/170, 713/176, 713/180, 713/181 
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5898779 


April 1999 


Squilla et al. 


380/23 
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September 1999 


Vynne et al. 
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FOREIGN-PAT -NO 


PUBN-DATE 


COUNTRY 
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July 1989 


EP 
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OTHER PUBLICATIONS 

F. Rouaix, "A Web Navigator with Applets in Caml", 1996, Published by Elsevier 
Science B.V., Computer Networks and ISDN Systems 28, pp. 1365-1371. 

S. Anderson, et al, "Sessioneer: Flexible Session Level Authentication with off the 
shelf servers and clients", 1995 Elsevier Science B.V., Computer Networks and ISDN 
Systems 27, pp. 1047-1053. 

tf. Bender, "Techniques for Data Hiding", IBM Systems Journal, vol. 35, No. 3 & 4, 
1996, pp. 313-330. 

N. Komatsu, et al, A Proposal on Digital Watermark in Document Image Communication 
and its Application to Realizing a Signature, Electronics and Communications in 
Japan 73(1990) May, No. 5, Part I, New York, US, pp. 22-33. 

B. Schneier, Applied Cryptography 1996, John Wiley & Sons, US New York, pp. 39-41. 
Sasaki, et al, Security Technology for Open Networks, Hitachi Review, JP, Hitachi, 
Ltd., Tokyo, vol. 46, No. 4, pp. 197-202. 

M. Schneider et al, A Robust Content Based Digital Signature for Image 
Authentication, Proceedings of the International Conference on Image Processing, 
US, New York, IEEE, pp. 227-230. 

W. Bender, Techniques for Data Hiding, IBM Systems Journal, vol. 35, No. 3 & 4, 
1996, pp. 313-336. 

Eiji Okamoto, Ango Riron Nyumon (Introduction to Cryptography), Kyoritsu Shuppan 
Co., Ltd.,' 1993, pp. 133-137. 

Bruce Schneier, Applied Cryptography, 2.sup.nd Ed., John Wilsy & Sons, Inc., 1996, 
pp. 39-41. 

Nikkei Electronics., No. 683, 1997, pp. 99-107. 
Opendesign., Apr., 1996, pp. 4-22. 
Opendesign., Apr. 1996, pp. 40-78. 

Jyohoshori (Information Processing), Jyohoshori Gakkai (Information 
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Processing Society of Japan), vol. 38, No. 9, 1997, pp. 752-810. 
ART-UNIT: 277 

PRIMARY-EXAMINER: Swann; Tod R. 
ASSISTANT-EXAMINER: Darrow; Justin T. 

ATT Y-AGENT -FIRM: Antonelli, Terry, Stout & Kraus, LLP 
ABSTRACT: 

This invention provides a method for identifying a purchaser who purchased content 
from which an illegal copy was produced. A provider system encrypts a content 
purchased by the purchaser using a public key of a purchaser system and sends the 
encrypted content to the purchaser system. The purchaser system creates a digital 
signature of. the content with the use of a private key of its own and embeds the 
created digital signature into the received content. When an illegal copy is found, 
the provider system verifies the digital signature, embedde oLi n the ille g al copy 
a ^ ii ni i ~>g4 oaaJ ;e rmark, to .ident ify the pj urj^haser who puTclTa's^eci the content r rom which 
t Tie i 1 le gaTSropy " w erf; producecT: ^ ~~~~ 7 



63 Claims, 29 Drawing .figures 
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May 1992 
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Corbin 
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235/379 
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April 1993 
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380/4 
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Sprague et al. 
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Wyman 
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FOREIGN PATENT DOCUMENTS 



FOREIGN-PAT -NO 

0332707 
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PUBN-DATE 
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OTHER PUBLICATIONS 



Press Release From Electronic Publishing Resources, Inc. (EPR) entitled "National 
Semiconductor and EPR Partner for Information Metering/Data Security Cards", dated 
Mar. 4, 1994. 

Weber, R., "Digital Rights Management Technology", Oct. 1995. 

European Search Report for Corresponding European Application 95308417.5. 

U. Flasche et al., Decentralized Processing of Documents, Comput. & Graphics, vol. 

10, No. 2, 1986, pp. 119-131. 

R. Mori et al. , Supe rdistribution : The Concept and the Architecture, The 
Transactions of the IEICE, vol. E 73, No. 7, 1990, Tokyo, JP, pp. 1133-1146. 
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Weber, R., "Metering Technologies For Digital Intellectual Property," A Report to 
the International Federation of Reproduction Rights Organizations, Oct. 1994, pp. 
1-29. 

Clark, P.C. and Hoffman, L.J., "Bits: A Smartcard Protected Operating System," 
Communications of the ACM, Nov. 1994, vol. 37, No. 11, pp. 66-70, and 94. 
Ross, P.E., "Data guard", Forbes, Jun. 6, 1994, p. 101. 

Saigh, V.K., "Knowledge is Sacred," Video Pocket/Page Reader Systems, Ltd., 1992. 
Kahn, R.E., "Deposit, Registration And Recordation In An Electronic Copyright 
Management System," Corporation for National Research Initiatives, Virginia, Aug. 
1992, pp. 1-19. 

Hilts, P., Mutter, J., and Taylor, S., "Books While U Wait," Publishers Weekly, 
Jan. 3, 1994, pp. 48-50. 

Strattner, A., % "Cash register on a chip" may revolutionize software pricing and 
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Willett, S., '"Metered PCs: Is your system watching you?"; Wave Systems .beta tests 
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Research and Education Network . sup . 1 , " IMA Intellectual Property Project 
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erritt, Jr., H.H., "Permissions Headers and Contract Law," IMA Intellectual 
Property Project Proceedings, Jan. 1994, vol. 1, Issue 1, pp. 27-48. 
Upthegrove, L. , and Roberts, R. , "Intellectual Property Header Descriptors: A 
Dynamic Approach," IMA Intellectual Property Project Proceedings, Jan. 1994, vol. 
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Sirbu, M.A., "Internet Billing Service Design and Prototype Implementation," IMA 
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Kahn, R.E., "Deposit, Registration and Recordation in an Electronic Copyright 
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ART-UNIT: 232 
• PRIMARY- EXAMINER: Pan; Daniel H. 
ATT Y-AGENT -FIRM: Domingo; Richard B. 
ABSTRACT: 

A system for controlling use ... aj3LQl_iliJ ^ tributionof^ d igital works. The present 
invention alloVs— the owner of a di gi tlTT wo rK to^t't^cTrViSi^? rig hts to their work. 
The usage rights define h ow the individual digital wo rk m ay be u sed and 
distributed^! nstances of hrs-a^i" ngnrsr- arc- aerinea usin $ a il exible and extensible 
'^B'HgTe-Tlgnts "grammar. Conceptually, a right in the usage rights grammar is a label 
associated with a predetermined behavior and conditions to exercising the right. 
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The behavior of a usage right is embodied in a predetermined set of usage 
transactions steps. The us age tran saction steps furthe r che ck all conditions which 

;= jMjg£rbK i gjJbeJAi^51 ^ r j^h^^^^ ^ ^e^erc ised. The~se~ nubdi | fc ! LL ^n ^ct±^ rV--^ri : ps r: 

defin e^ a protoco l for requesting the e^mge of a right and t he carrying out of a 

.rL K ^€7 === ^ — -^ ======= ::: ^^ *=====— 

28 Claims, 20 Drawing figures 
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L7: Entry 1 of 1 w w * ,P WW File: USPT Apr 27, 1999 



DOCUMENT - IDENTIFIER : US 5898779 A 

TITLE: Photograhic system with selected area image authentication 

Application Filing Date (1) : 
19970414 

Detailed Description Text (15) : 

The authentication process is depicted in FIG. 6. Since the decryption key (public 
key) of the camera is publicly available through a directory or a similar means, 
any user who wants to authenticate the image can use that key to decrypt the 
appended signature. The first step is to separate the digital signature from the* 
digital image (separation step 82) and the unencrypted header information including 
the photographer's information. The decrypted signature will include a hashed value 
of the image information along with the "photographer's information". At this 
point, if desired, the "photographer's information" can be. matched against the 
unencrypted "photographer's information" that is also included as part of the 
original image file. The next step in the process is to use the unencrypted header 
information to determine the regions of the image (identification step 34) that 
were selected for nuthentication at the time of picture taking and to select those 
pixels from the image that needs to be authenticated. The selected pixel values are 
then hashed in the same manner that was used in the camera (new hash step 86) . 
Meanwhile, the digital signal is decrypted using the public key (decryption step 
98) to obtain a decrypted hash value . If the new hashed value is identical to the 
decrypted hash value (compare suep 90) , the image is authentic and no tampering has 
been done to the image since it has been captured by the camera. This is because it 
is computationally infeasible to generate an encrypted data file" -hat would decrypt 
into a desired hash value without knowing the private key. 

Detailed Description Text (18) : 

The authentication process can also be employed in a digital device using the 
FlashPix. TM. architecture and image file format (see FlashPix Format Specification, 
Version 1.0 (1996), available at the Eastman Kodak Co. Web site at 
www.kodak.com/go/flashpix) . A FlashPix. TM. file contains the complete image plus a 
hierarchy of several lower-resolution copie s within the same file. Images at each 
resolution also are divided into rectfflf^WWRr tiles (e.g., squares), which enable 
the application to minimize the amount of image data processed to access, display 
or p^yif 3 portion of the scene content . One advantage of the FlashPix. TM. format 
is thateacn^^i^e^!8ff l ^r^P l flwfPau^HSf5^ and can be singled out for processing 
separate from the other tiles. In order to implement selected area image 
authentication on a FlashPix. TM. file, the tile pattern 12 as shown vn FIG. IB may 
be established such that its grid pattern corresponds to the FlashPix. TM. tile 
pattern and the corresponding FlashPix. TM. tiles are activated during the 
authentication process. If custom tile patterns or preset templates are chosen as 
shown in FIG. 3, the custom pattern is expanded as necessary by the logic control 
unit 34 to include an integral number of FlashPix. TM. tiles. For example, as shown 
in FIG. 8, if a preset template 92 covers a partial area of some tiles 94 within a 
FlashPix. TM. grid pattern 96, the actual pattern processed by the signal processing 
section 26 will be expanded by the logic control unit 34 to cover a plurality cf 
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whole tiles as shown by the expanded template 98. While the FlashPix. TM . format 
contains a hierarchy of lower-resolution copies of the image, and authentication 



15. An encryption system as claimed in claim 13 wherein the system further includes 
means for generating photographers information including at least one of the time 
of the day, one or more exposure settings, the name of the photographer, 
information about the scene and its content, and other information required by the 
application. 
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Elgamal, IEEE Transactions on Information Theory, V IT31, N4 , Jul. 1985. 

"A Method for Obtaining Digital Signatures and Public Key Cryptosystems, " Rivest, 

et al. Communications of the ACM V21, N2, Feb. 1978. 

"One-Way Hash Functions: Using cryptographic algorithms for hashing" by Bruce 
Schneier. Dr. Dobbs's Journal, Sep. 1991, pp. 148-151. 

"New Directions in Cryptography" by Whitfield Diffie and Martin E. Hellman. IEEE 
Transactions on Information Theory, vol. IT-22, No. 6, Nov. 1976, pp. 644-654. 

ART-UNIT: 276 

PRIMARY- EXAMINER: Cain; David, 
ATTY-AGENT-FIRM: Woods; David M. 
ABSTRACT: 

A public key encryption system for authenticating an image includes a digital 
camera having embedded therein a private key unique to the digital camera. A known 
public key uniquely based upon the private key is used to decrypt digital data 
encrypted with the private key to establish authenticity of the image. The 
encryption system further comprises means for generating one or more patterns each 
composed of at least one individual area that is visible together with the image of 
the object, means for designating at least one individual area as an active area of 
the image suitable for authenti cation and for generati ng location data identifying 
the active area, and means f orj c^L^ilati ng image ha ^JLfrom image data of the active 
area of the image using a predete rmi=fred^hash algo^»™. The image haslj^^s then 
encrypted with the embedded private key, thereby producing a^^fijtfi t a ^s^pia tu r e 
uniquely associated with the active area of the image, and the image data, the 
digital signature, and the location data of said active area are stored in a 
digital record. By confining encryption to this selected region of interest, power 
requirements for subsequent hashing and encryption are reduced, which is an 
advantage for portable devices such as a digital camera. 

36 Claims, 11 Drawing figures 
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L7: Entry 1 of 1 File: USPT Apr 27, 1999 



DOCUMENT -IDENTIFIER: US 5898779 A 

TITLE: Photograhic system with selected area image authentication 

Application Filing Date (1) : 
19970414 

Detailed Description Text (15) : 

The authentication process is depicted in FIG. 6. Since the decryption key (public 
key) of the camera is publicly available through a directory or a similar means, 
any user who wants to authenticate the image can use that key to decrypt the 
appended signature. The first step is to separate the digital signature from the 
digital image (separation step 82) and the unencrypted header information including 
the photographer's information. The decrypted signature will include a hashed value 
of the image information along with the "photographer's information". At this 
point, if desired, the "photographer's information" can be matched against the 
unencrypted "photographer's information" that is also included as part of the 
original image file. The next step in the process is to use the unencrypted header 
information to determine the regions of the image (identification step 84) that 
were selected for authentication at the time of picture taking and to select those 
pixels from the image that needs to be authenticated. The selected pixel values are 
then hashed in the same manner that was used in the camera (new hash step 86). 
Meanwhile, the digital signal is decrypted using the public key (decryption step 
88) to obtain a decrypted hash value. If, the new hashed value is identical to the 
d ^SSj M^!M^^ (compare step 90), the im^a^^is^Wthentic and no tampering has 
lJ?erfflone!^ffl^^^esir^it has been captured by the camera. This is because it 
is computationally infeasible to generate an encrypted data file that would decrypt 
into a desired hash value w ithout knowing the private key. ~ 

Detailed Description Text (18): 

The authentication process can also be employed in a digital device using the 
FlashPix. TM. architecture and image file format (see FlashPix Format Specification, 
Version 1.0 (1996), available at the Eastman Kodak Co. Web site at 

www.kodak.com/go/flashpix). A FlashPix. TM. file contains the complete image plus a 
hierarchy of several lower-resolution copies within the same file. Images at each 
resolution also are divided into rectangular tiles (e.g., squares), which enable 
the application to minimize the amount of image data processed to access, display 
or print a portion of the scene content . One advantage of the FlashPix. TM. format 
is that each tile has its own autonomy, and can be singled out for processing 
separate from the other tiles. In order to implement selected area image 
authentication on a FlashPix. TM. file, the tile pattern 12 as shown in FIG. IB may 
be established such that its grid pattern corresponds to the FlashPix. TM. tile 
pattern and the corresponding FlashPix. TM. tiles are activated during the 
authentication process. If custom tile patterns or preset templates are chosen as 
shown in FIG. 3, the custom pattern is expanded as necessary by the logic control 
unit -34 to include an integral number of FlashPix. TM. tiles. For example, as shown 
in FIG. 8, if a preset template 92 covers a partial area of some tiles 94 within a 
FlashPix. TM. grid pattern 96, the actual pattern processed by the signal processing 
section 26 will be expanded by the logic control unit 34 to cover a plurality of 
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TITLE: Data distribution system and method thereof, data processing device, data 
control device, and machine- re adable recording medium recording distribution data 

DATE-ISSUED: February 22, 2005 
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STATE 
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JP 
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03 
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□ 6016509 
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May 2001 
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Dedrick 
Stefik et al. 
Kocher et al. 
Briscoe 



709/224 
713/176 
713/194 
705/41 



FOREIGN PATENT DOCUMENTS 



FOREIGN -PAT -NO PUBN-DATE COUNTRY US-CL 

2002230428 August 2002 JP 

OTHER PUBLICATIONS 

http: //www. vector- networks . com/pcduo-ente rpri se /datasheets/ Sof tware_Mete ring . pdf . 
ART-UNIT: 3621 

PRIMARY-EXAMINER: Trammell; James P. 
ASSISTANT-EXAMINER: Winter; J 

ATT Y-AGENT -FIRM: Frommer Lawrence & Haug LLP Frommer; William S. 
ABSTRACT: 



A contents provider stor 



be decoded with a key di 
container to a service p 
the like and distributes 
charges to the EMD servi 
key, and decodes the con 
copying is permitted is 
permitted is increased e 
other media and the like 
copied, or in cases wher 
up. Thus, contents data 
data can be controlled i 



es contents data in a container in a format which can only 
stributed from an EMD service center, and transmits the 
rovider. The service provider adds pricing information and 

this to a user home network. The user home network pays 
ce center based on the pricing information, receives the 
tents data. Information regarding the number of times which 
contained in the secure container, and the number of times 
ach time charges are paid, thereby enabling copying to 
. It is impossi ble to make copies from a container simply 
e in the numoer or permitted times of copies has been used 
can be distributed in a format wherein copying of contents 
ncluding the number of copies made.. 



36 Claims, 34 Drawing figures 
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Aug 24, 2004 




US -PAT-NO: 
DOCUMENT- I fr ENT I 

TITLE: Copy protection apparatus and method 

DATE-ISSUED: August 24, 2004 



I N VENT OR -INFORMATION : 

NAME CITY 

Morito; Hajime Yokohama 



ASSIGNEE-INFORMATION: 

NAME CITY 

Hitachi, Ltd. Tokyo 

APPL-NO: 09/ 388770 ' [PALM1 
DATE FILED: September 2, 1999 
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COUNTRY APPL-NO 
EP 98307028 
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STATE 
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ZIP CODE 
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COUNTRY 
JP 



APPL-DATE 
September 2, 199E 



COUNTRY 
JP 



TYPE CODE 
03 



US-CL-ISSUED: 386/94; 360/60, 380/201 
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PAT -NO 


ISSUE-DATE 


PATENTEE-NAME 
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5323244 


June 1994 


Yamaguchi et al. 


386/94 
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5661800 
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Nakashima et al. 
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□ 6301430 October 2001 Oguro et al. 386/94 

FOREIGN PATENT DOCUMENTS 



FOREIGN -PAT -NO PUBN-DATE COUNTRY US-CL 

553 545 August 1993 EP 

809 244 November 1997 EP 



ART-UNIT: 2615 

PRIMARY-EXAMINER: Tran; Thai 

ASSISTANT-EXAMINER: Onuaku; Christopher 

ATT Y-AGENT -FIRM: Mattingly, Stanger & Malur, P.C. 

ABSTRACT: 

An apparatus and method of copy protection for use in digital data recorders such 
as DVD-RAM recorders (30), which includes using DVD disks (1) with unique serial 
numbers stored in a read only part (2) of the disk for recording data. The serial 
number of each disk together with other copy control information is digitally 
signed. The digital signature is verified at the DVD playe r/ recorder (13, 30) to 
check whether the disk being played is an original disk or an authorized copy. If 
not, play back and recording of the data on the disk is prevented. The use of copy 
control information also allows the implementation of a copy generation management 
system. 

23 Claims, 17 Drawing figures 
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□ 6236971 
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PUBN-DATE 
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OTHER PUBLICATIONS 



IBM TDB NN9509345, Methods for thwarting corrupt implemenataion of data encryption, 
Sep. 1995. 

ART-UNIT: 3621 

PRIMARY- EXAMINER: Hayes; John W. 
ASSISTANT-EXAMINER: Winter; John M 
ATT Y-AGENT -FIRM: Goodman; Edward. W. 



A usage-limit is associated with each copy of copy-protected material. A conforming 
playback device determines how much usage has been made of the copy, and only plays 
the copy-protected material if the usage is within the associated usage-limit of 
the copy. In a preferred embodiment of this invention, the providing source of the. 
copy contains a total-usage-measure that is allocated among each of the provided 
copies of the copy-protected material, thereby allowing for more than one copy of 
the copy-protected material to be produced, or "checked-out" from the providing 
source. When a copy of the copy-protected material is subsequently returned, or 
"checked-in" to the providing source, the usage allocation associated with this 
copy is returned to the total-usage-value. In this manner, if a particular copy of 
the copy-protected material is lost, damaged, or misplaced, the loss of value to 
the purchaser is merely a reduction in the available total-usage. In a preferred 
embodiment, the parameters associated with the usage-limit are communicated via the 
copy of the material in a secure manner, so that an illicit provider cannot alter 
these parameters. Similarly, in a preferred embodiment, the parameters associated 
with the usage-limit are securely bound to the copy-protected material, so that an 
illicit provider cannot substitute illicit material for the copied material. Other 
security measures, such as an encryption of the copy-protected material, 
watermarking, ticketing, and the like, are also compatible with these 
aforementioned techniques, and are included in a preferred embodiment of this 
invention. 

10 Claims, 3 Drawing figures 
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F. Rouain, "A Web Navigator with Applets in Caml", 1996, Published by Elsevier 
Science B.V., Computer Networks and ISDN System 28, pp. 1365-1371. 

S. Anderson, et al, "Sessioner: Flexible Session Level Authentication with off the 
shelf servers and clients", 1995 Elsevier Science B.V., Computer Networks and ISDN 
Systems 27, pp. 1047-1053. 

ART-UNIT: 2132 

PRIMARY- EXAMINER: Darrow; Justin T. 

ATTY-AGENT-FIRM: Antonelli, Terry, Stout & Kraus, LLP 
ABSTRACT: 

This invention provides a method for identifying a purchaser who purchased content 
from which an illegal copy was produced. A provider system encrypts purchased by 
the purchaser using a public key of a purchaser system and sends the encrypted 
content to the purchaser system. The purchaser system creates a digital signature 
of the content with the use of a private key of its own and embeds the created 
digital signature into the received content. When an illegal copy is found, the 
provider system verifies the digital signature, embedded in the illegal copy as a 
digital watermark, to identify the purchaser who purchased the content from which 
the illegal copy was produced. 

60 Claims, 29 Drawing figures 
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